CVE-2010-2628
N/A
N/A
Summary
The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.vupen.com/english/advisories/2010/2086
- http://lists.opensuse.org/opensuse-updates/2010-08/msg00026.html
- https://lists.strongswan.org/pipermail/users/2010-August/005167.html
- http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.4_snprintf.patch
- http://www.vupen.com/english/advisories/2010/2085
- http://www.securitytracker.com/id?1024338
- http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.4.0_snprintf.patch
- http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.6_snprintf.patch
- http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.3_snprintf.patch
- http://secunia.com/advisories/40956
- http://www.securityfocus.com/bid/42444
- https://bugzilla.novell.com/615915
- http://trac.strongswan.org/projects/strongswan/wiki/441
- http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.5_snprintf.patch
References
- http://www.vupen.com/english/advisories/2010/2086
- http://lists.opensuse.org/opensuse-updates/2010-08/msg00026.html
- https://lists.strongswan.org/pipermail/users/2010-August/005167.html
- http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.4_snprintf.patch
- http://www.vupen.com/english/advisories/2010/2085
- http://www.securitytracker.com/id?1024338
- http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.4.0_snprintf.patch
- http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.6_snprintf.patch
- http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.3_snprintf.patch
- http://secunia.com/advisories/40956
- http://www.securityfocus.com/bid/42444
- https://bugzilla.novell.com/615915
- http://trac.strongswan.org/projects/strongswan/wiki/441
- http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.5_snprintf.patch
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.